package org.interledger.stream.crypto;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.hash.Hashing;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Objects;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.interledger.core.SharedSecret;

/* loaded from: input_file:org/interledger/stream/crypto/JavaxStreamEncryptionService.class */
public class JavaxStreamEncryptionService implements StreamEncryptionService {

    @VisibleForTesting
    static final int AES_GCM_NONCE_IV_LENGTH = 12;
    private static final String CIPHER_ALGO = "AES/GCM/NoPadding";
    private static final byte[] ENCRYPTION_KEY_STRING = "ilp_stream_encryption".getBytes(StandardCharsets.US_ASCII);
    private static final int AUTH_TAG_LENGTH_BITS = 128;
    private static final int AUTH_TAG_LENGTH_BYTES = 16;

    @Override // org.interledger.stream.crypto.StreamEncryptionService
    public byte[] encrypt(SharedSecret sharedSecret, byte[] bArr) throws EncryptionException {
        Objects.requireNonNull(bArr);
        return encryptWithIv(sharedSecret, bArr, Random.randBytes(AES_GCM_NONCE_IV_LENGTH));
    }

    @VisibleForTesting
    byte[] encryptWithIv(SharedSecret sharedSecret, byte[] bArr, byte[] bArr2) throws EncryptionException {
        Objects.requireNonNull(bArr);
        byte[] asBytes = Hashing.hmacSha256(sharedSecret.key()).hashBytes(ENCRYPTION_KEY_STRING).asBytes();
        SecretKeySpec secretKeySpec = new SecretKeySpec(asBytes, "AES");
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_ALGO);
            cipher.init(1, secretKeySpec, new GCMParameterSpec(AUTH_TAG_LENGTH_BITS, bArr2));
            byte[] doFinal = cipher.doFinal(bArr);
            byte[] bArr3 = new byte[doFinal.length];
            System.arraycopy(doFinal, doFinal.length - 16, bArr3, 0, 16);
            System.arraycopy(doFinal, 0, bArr3, 16, doFinal.length - 16);
            ByteBuffer allocate = ByteBuffer.allocate(bArr2.length + doFinal.length);
            allocate.put(bArr2);
            allocate.put(bArr3);
            byte[] array = allocate.array();
            Arrays.fill(bArr2, (byte) 0);
            Arrays.fill(asBytes, (byte) 0);
            return array;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            throw new EncryptionException("Unable to Encrypt: ", e);
        }
    }

    @Override // org.interledger.stream.crypto.StreamEncryptionService
    public byte[] decrypt(SharedSecret sharedSecret, byte[] bArr) {
        Objects.requireNonNull(bArr);
        byte[] asBytes = Hashing.hmacSha256(sharedSecret.key()).hashBytes(ENCRYPTION_KEY_STRING).asBytes();
        SecretKeySpec secretKeySpec = new SecretKeySpec(asBytes, "AES");
        try {
            ByteBuffer wrap = ByteBuffer.wrap(bArr);
            byte[] bArr2 = new byte[AES_GCM_NONCE_IV_LENGTH];
            wrap.get(bArr2);
            byte[] bArr3 = new byte[wrap.remaining()];
            wrap.get(bArr3);
            byte[] bArr4 = new byte[bArr3.length];
            System.arraycopy(bArr3, 0, bArr4, bArr3.length - 16, 16);
            System.arraycopy(bArr3, 16, bArr4, 0, bArr3.length - 16);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGO);
            cipher.init(2, secretKeySpec, new GCMParameterSpec(AUTH_TAG_LENGTH_BITS, bArr2));
            byte[] doFinal = cipher.doFinal(bArr4);
            Arrays.fill(bArr2, (byte) 0);
            Arrays.fill(asBytes, (byte) 0);
            return doFinal;
        } catch (Exception e) {
            throw new EncryptionException(e.getMessage(), e);
        }
    }
}
